Tuesday, 27 January 2015

Pretty Good Privacy (PGP) / GNU Privacy Guard (GPG)

see http://en.wikipedia.org/wiki/Pretty_Good_Privacy
and http://en.wikipedia.org/wiki/GNU_Privacy_Guard

What is PGP?

Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991 while working at PKWARE, Inc.

PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.


What is PGP mainly used for?

Pretty Good Privacy can be used to authenticate digital certificates and encrypt/decrypt texts, emails, files, directories and whole disk partitions. Symantec, for example, offers PGP-based products such as Symantec File Share Encryption for encrypting files shared across a network and Symantec Endpoint Encryption for full disk encryption on desktops, mobile devices and removable storage. When PGP technology is used for files and drives instead of messages, the Symantec products allow users to decrypt and re-encrypt data via a single sign-on.


How does PGP work?

Source: http://upload.wikimedia.org/wikipedia/commons/thumb/4/4d/PGP_diagram.svg/1024px-PGP_diagram.svg.png


What is the web of trust?

Schematic representation of a web of trust:

Source: http://upload.wikimedia.org/wikipedia/commons/thumb/4/49/Web_of_Trust_2.svg/800px-Web_of_Trust_2.svg.png



How and why are certificates used? What is a certificate good for?


In the (more recent) OpenPGP specification, trust signatures can be used to support creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. A level 0 signature is comparable to a web of trust signature since only the validity of the key is certified. A level 1 signature is similar to the trust one has in a certificate authority because a key signed to level 1 is able to issue an unlimited number of level 0 signatures. A level 2 signature is highly analogous to the trust assumption users must rely on whenever they use the default certificate authority list (like those included in web browsers); it allows the owner of the key to make other keys certificate authorities.
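The level rules described above can be modelled as a walk over a certification graph. The following is an added example, not code from GnuPG or from the original post: it assumes every signature has already been cryptographically verified, ignores the trust amount and regular-expression scoping that OpenPGP trust signatures can also carry, and uses constructed key names.

```python
from collections import deque

# Constructed sample data: (issuer, subject, trust-signature level).
CERTS = [
    ("me", "alice", 2),       # alice may appoint level-1 introducers
    ("alice", "bob", 1),      # bob may issue level-0 signatures
    ("bob", "carol", 0),      # carol's key is valid, nothing more
    ("carol", "dave", 0),     # ignored: carol holds no signing trust
    ("bob", "erin", 2),       # over-claim: clamped to level 0
    ("erin", "frank", 0),     # ignored: erin ended up at level 0
    ("mallory", "trent", 2),  # ignored: mallory is not reachable from "me"
]


def evaluate(root, certifications):
    """Return {key: level} for every key considered valid from root.

    level 0: key is valid only
    level 1: key may also certify other keys (CA-like)
    level 2: key may also appoint level-1 introducers
    """
    by_issuer = {}
    for issuer, subject, level in certifications:
        by_issuer.setdefault(issuer, []).append((subject, level))

    levels = {root: float("inf")}  # our own key is the trust anchor
    queue = deque([root])
    while queue:
        issuer = queue.popleft()
        held = levels[issuer]
        if held < 1:
            continue  # valid key, but not trusted to sign for others
        for subject, claimed in by_issuer.get(issuer, []):
            # A key can delegate at most one level below its own.
            granted = min(claimed, held - 1)
            if granted > levels.get(subject, -1):
                levels[subject] = granted
                queue.append(subject)
    return levels


if __name__ == "__main__":
    for key, level in evaluate("me", CERTS).items():
        print(key, level)
```

In this model a level claimed in a signature never exceeds one below the issuer's own level, so a level-1 key cannot promote another key to a certificate authority.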


What's the difference between PGP and GPG?

“PGP” stands for “Pretty Good Privacy.” It was developed by Phil Zimmermann. At first it was written as copyrighted freeware under the GNU Public License. Later, PGP was upgraded and made into a proprietary program. The rights to this program have been traded around. The reason for this upgrade was legal defense costs and royalty issues related to the export laws of the USA. Now the PGP program is owned by PGP Corporation.

“GPG” stands for “GNU Privacy Guard.” GPG is a re-write or upgrade of PGP. It does not use the IDEA encryption algorithm. This is to make it completely free. It uses the NIST AES, Advanced Encryption Standard. All the algorithm data is stored and documented publicly by the OpenPGP Alliance. The main reason for this change is that AES costs less than IDEA and is considered more secure. Moreover, it is royalty free because it is not patented. GPG is more compatible with OpenPGP than the original PGP. GPG is also based on a command line. In addition to the command line, Windows front ends are available for GPG.


Which other methods can be used to encrypt e-mails (see http://en.wikipedia.org/wiki/Email_encryption)?

  • Enigmail - Thunderbird plug-in
  • Entrust
  • Echoworx
  • Email authentication
  • Email privacy
  • Galaxkey - iOS, Android, Windows, BlackBerry and Outlook plug-in
  • GPGMail - OS X Mail.app plug-in
  • MyKolab
  • Secure Messaging
  • Dark Mail Alliance
  • HTTP Secure - a widely used communications protocol for secure communication over a computer network
  • Hushmail
  • Lavabit
  • Mail1Click
  • DataMotion, Inc.


How can PGP/GPG be used in popular e-mail services (Gmail, Yahoo Mail, Outlook)?

To use PGP, you will need to install some extra software that will work with your current email program. You will also need to create a private key, which you will keep private. The private key is what you will use to decrypt emails sent to you, and to digitally sign emails that you send to show they truly came from you. Finally, you'll learn how to distribute your public key—a small chunk of information that others will need to know before they can send you encrypted mail, and that they can use to verify emails you send.


Sources: http://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://en.wikipedia.org/wiki/GNU_Privacy_Guard
http://searchsecurity.techtarget.com/definition/Pretty-Good-Privacy

